EPOS Security and Compliance Center

EPOS Digital Solutions are built for data security and compliance.

How is EPOS securing your data?

EPOS is committed to applying the highest security and compliance standards when it comes to your data. Internal and external processes and third-party audits are all set up to make EPOS a secure and trusted partner.

Security

EPOS protects your data at rest and in transit in your on-premises or cloud deployments. Enterprise-grade security with rigorous controls ensure secure and efficient management of your EPOS devices.

Data Security

- Data encryption at-rest
- Data encryption in-transit

Product Security

- Logging and frequent monitoring
- Access management
- Secure development process

Corporate Security

- Security trainings
- Vendor management
- SOC II policies
- Facilities security

Compliance

EPOS is GDPR compliant and uses the System and Organization Control (SOC) Type I as a framework for yearly audits. These audits verify the top-level security in data storage as well as internal security policies, processes and employee onboarding and training.


The purpose of the SOC II report is to help you understand the controls established by EPOS to support operations and compliance.

Need more information regarding the SOC II report?

Contact us

FAQ

Explore EPOS Digital Solutions

  • EPOS Manager

    Save time and drive efficiency through remote update deployments and get insights into how to improve workplace productivity.

    Learn More
  • EPOS Connect

    Update company devices with the latest firmware and personalize audio device settings to ensure flawless operation for end-users.

    Learn more
  • EPOS Developer Portal

    A simple, scalable, and secure platform for partners and customers to access all EPOS APIs and SDKs

    Learn More

Vulnerability Disclosure Policy

Our products show compliance to different mandatory EU directives by either an EU DOC (self-declaration) or EU type examination certificate.

Learn more

EPOS vulnerability disclosure Policy follows our RED Certification. This policy includes:

  • Contact information for the reporting of issues; and
  • Information on timelines for:
    • Initial acknowledgement of receipt; and
    • Status updates until the resolution of the reported issues.

Contact



Contact software support with your concerns about security and vulnerabilities with subject line: vulnerability_report

Vulnerability Policy timeline:

We handle every report of vulnerability with care.

What You Can Expect

When we receive a report of a possible vulnerability through the EPOS Security and Compliance Center, this is what the sender can expect regarding getting an answer:

  • Initial acknowledgement after 5 days max
  • Status after 4 weeks
  • Resolution answer after 80 days

Our Procedure

The triage of these reports will be done by our Vigilance Evaluation Board, using our internal Procedure called G-600 Vigilance.

The board has a system of vigilance that evaluate the vulnerabilities reports that come in.

They are scored on two parameters 1) Severity of thread & 2) Likelihood of the vulnerability being used.

For More Information

Please also contact us, if you want to hear more about the way we perform this triage, and how the Vigilance Board operates. This could be in the event of a Request for Proposals etc.